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(54) CONTENT DELIVERY METHOD AND CONTENT DELIVERY SYSTEM 



(57) Mobile unit 1 6 wliich can activate Java- A P soft- 
ware receives SDF (Security Descriptive File) 204 from 
administering server unit 1 8 which a trustworthy organ- 
ization (a communication provider which administers 
mobile packet communication network 15) administers, 
and obtains ADF 205 from IP server .unit 13 by using 



URL contained in the SDF, and obtains Jar file 206 from 
IP server unit 1 3 by using ADF 205, and installs In itself 
Java-AP containing these files. Java-AP, which is 
achieved by activating the installed Java-AP software, 
operates within the range of authorization expressed by 
policy information contained in SDF 204. 
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Description 

Tech n leaf Field 

[0001] The present invention relates to transmitting 
application software to terminal units. 

Baci^g round Art 

[0002] Mobile units equipped with a function of exe- 
cuting Java-AP (Java Application) software by carrying 
out a program written In accordance with Java (trade- 
mark registered) programming language, and down- 
loaded via a network are in widespread use. 
[0003] Java-AP software includes a Jar (Java Ar- 
chive) file and an ADF (Applbation Descriptor File). The 
Jar file contains a program, which provides a user with 
certain Java-AP. The ADF Is dependent upon the Jar 
file, and contains, for Instance, URL showing where a 
Jar file is stored (hereinafter, referred to as package 
URL), the size of a Jar file, the most recent date when 
a Jar file is changed and other necessary information. 
[0004] A mobile unit downloads the relevant software 
to the desired Java-AP by following the process de- 
scribed below. First, the mobile unit obtains an ADF per- 
taining to the desired Java-AP from a server unit, which 
constitutes WWW (World Wide Web). 
[0005] The mobile unit, which obtains an ADF checks 
the content of the ADF, and detennlnes whether the Jar 
file pertaining to the desired Java-AP can be Installed In 
the mobile unit. When the mobile unit detennines that 
Java-AP software can be installed, the mobile unit ob- 
tains from a server unit, which constitutes WWW a Jar 
file by using package URL contained in the ADR The 
process of downloading Java-AP software is complete 
when the Jar file is obtained. Hereinafter, in the mobile 
unit, installation of the downloaded Java-AP software is 
canrled out, and the Java-AP software can be activated 
when required. 

[0006] Incidentally, when the Java-AP software is in- 
stalled in a mobile unit the activation of Java-AP is sub- 
ject to greater restriction than the activation of functions 
that are native to the mobile unit, such as a communi- 
cation application function. The activation of a Java-AP 
is restricted In that it is unable to access certain data 
contained in a mobile unit, such as telephone numbers 
for example. By imposing strict restrictions in this man- 
ner, leakage or falsification of confidential data con- 
tained in a mobile unit, occurring due to malfunctioning 
Java-AP or caused intentionally, can be prevented. 
[0007] However, imposing the aboye-mentioned re- 
striction on all Java-AP unifomiiy does not adequately 
meet the needs of a user of a mobile unit or an IP (in- 
formation provider). For instance, some users seem to 
feel that Java-AP could be allowed to refer to some of 
the private information stored in a mobile unit as long as 
security is guaranteed. Also, some IPs wish to provide 
Java-AP, which uses some of the private information 



stored in a mobile unit, orsomeof the functions a mobile 
unit is equipped with. 

[0008] To fulfill these requirements, a system in which 

a trustworthy organization such as a communication 

5 provider providing a communication service to users of 
mobile units working as an authority, is entrusted with 
the responsibility of authorizing Java-AP to operate with 
greater flexibility. Mobile units using Java-AP are noti- 
fied by the authorization of the operational mles set for 

10 Java-AP, and the mobile units can restrict the operation 
of Java-AP on the basis of the prescribed rules. In this 
system, only a trustworthy organization should be en- 
tnjsted to administer the authorization of a more flexible 
operation of Java-AP. 

IS [0009] When the above-mentioned system is applied 
to the downloading process of Java-AP software, infor- 
mation showing the authorization in an ADF or a Jarf lie 
must be included. Since a Jar file is updated byan IP as 
required, and it is appropriate for an IP to own a Jar file, 

20 it is appropriate for the corresponding ADF to contain 
information on the validity of the authorization. 
[0010] However, since the content of an ADF is de- 
pendent upon a Jar file, an ADF owned by a trustworthy 
organization needs to be updated oncean IP updates a 

25 Jar file. Also, updating an ADF becomes necessary at 
times even without the updating of a Jar file, as in the 
instance where access to a certain Jar file gets deluged, 
and the Jar file is moved to another server unit in the IP. 
in this instance, since the location where the Jar file Is 

30 stored Is changed, a package URL contained in the ADF 
needs to be changed. However, since the ADF is admin- 
istered by a trustworthy orgariization and excludes the 
involvement of other agents, the updating operation of 
an ADF could become a very busy one. 

35 

Disclosure of Invention 

[001 1 ] The present invention was developed to over- 
come the stated problems of the conventional art, and 

40 Its object is to provide a transmission method and a 
transmission system for transmitting without restricting 
the freedom of an iP to a terminal unit which allows an 
application to operate in accordance with an authoriza- 
tion, software for achieving an application which Istrans- 

45 mitted by transmitting a plurality of files which are de- 
pendent upon each other. 

[0012] To solve the above-mentioned problem of the 
conventional art. the present Invention provides a trans- 
mission method comprising: a process for transmitting 

50 an authorization file In a communication system in which 
an originator originates a request including information 
showing a storage ofa file and the file is transrnitted in 
response to the request, the process for transmitting In- 
cluding transmitting a security descriptive file as the au- 

55 thorization file from an administering server unit storing 
the security descriptive file through a secure link to a 
tenninal unit, the security descriptive file containing first 
identification Infomiatlonand authorization information. 
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the first identification information showing a storagela- 
cation of an application descriptive file, the application 
descriptive file having information dependent upon an 
entity file, which includes software for executing an ap- 
plication, along with information showing a storage lo- s 
cation of the entity file, the authorization information of 
the security descriptive file Indicating an allowable range 
of an operation of the application which is executed in 
accordance withthe software, the temriinai unit execut- 
ing operation of the application within a range shown io 
bythe authorization infomriatlon; a dependent informa- 
tion obtaining process for the terminal unit to obtain, by 
using the first identification information contained in the 
security descriptive file transmitted from the communi- 
cation system in the authorization transmission process, is 
the application descriptive file from one or a plurality of 
server units in which the application descriptive file is 
stored; and a program obtaining processforthe tenminal 
unit to obtain the entity file from the communication sys- 
tem by using the application descriptive file obtained In 
the dependent infonnation obtaining process. 
[0013] By this transmission method, the terminal unit 
obtains before obtaining the application descriptive file 
and the entity file corresponding to the application, the 
security descriptive file, which Is transmitted by the com- 
municatlon system after security has been assured. In 
the security descriptive file, the authorization given to 
the application Is denoted, and in the terminal unit, the 
application corresponding to the security descriptive file 
is allowed to operate in accordance with the authoriza- 30 
tion denoted by the obtained security descriptive file. 
[0014] Also, the present invention provides a trans- 
mission system comprising: a communication system 
for returning, when a stored location of a file Is notified, 
the file which comprises one or a plurality of server units 35 
in which an entity file containing software for achieving 
an application and an application descriptive file which 
has a content dependent upon the entity file showing a 
stored location of the entity file, and an administering 
server unit In which a security descriptive file containing 40 
a first identification information showing a stored loca- 
tion of the application descriptive file and authorization 
infonnation showing authorization given to an applica- 
tion which is achieved when a terminal unit executes the 
software is stored; and a terminal unit which approves ^5 
operation of an application in accordance with authori- 
zation given tothe application, wherein the administer- 
ing sen/er unit transmits the security descriptive file to 
the terminal unit by assuring security, and wherein the 
terminal unit obtains the application descriptive file by so 
using the first identification infomiation contained In the 
security descriptive file transmitted by the communica- 
tion system, and the entity file from the communication 
system by using the application descriptive file. 
[0015] By this transmission system, the terminal unit, ss 
before obtaining the application descriptive file and the 
entity file corresponding to the application, obtains the 
security descriptive file transmitted by the transmission 
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system after security has been assured. The authoriza- 
tion given to the application is denoted in the security 
descriptive file, and in the tenninal unit, the application 
corresponding to the security descriptive file is allowed 
to operate in accordance with thepermlssion of the au- 
thorization denoted by the obtained security descriptive 
file. 

Brief Description of Drawings 
[0016] 

Fig. 1 is a block diagram showing the configuration 
of the transmission system of one embodiment for 
executing the present Invention. 
Fig. 2 is a conceptual figure showing data configu- 
ration of anADF inherent to the transmission sys- 
tem. 

Fig. 3 is a block diagram showing the configuration 
of mobile unit 16 constituting the transmission sys- 
tem. 

Fig. 4 is a conceptual figure showing the functional 
configuration of mobile unit 16. 
Fig, 5 is a flowchart showing the process of mobile 
unit 1 6 for downloading and Installing Java-AP soft- 
ware. 

Fig. 6 is a conceptual figure showing data configu- 
ration ofan SDF stored in administering server unit 
18 in the transmission system. 
Fig. 7 Is a conceptual figure showing the content of 
policy information contained in the SDF. 
Fig. 8 Is a block diagram for explaining the operation 
of the transmission system. 
Fig. 9 is a diagram showing a list page transmitted 
in the transmission system. 
Fig. 1 0 Is a diagram showing the content of an ex- 
planatory file stored in IP server unit 1 2 constituting 
the transmission system. 

Fig. 11 Is a diagram showing an explanatory page 
transmitted In the transmission system. 
Fig. 12 is a diagram showing the content of an ex- 
planatory file stored In IP sender unit 12. 
Fig. 13 Is a diagram showing an explanatory page 
transmitted in the transmission system. 
Fig. 14 is a diagram showing the content of an ex- 
planatory file stored in IP server unit 13 constituting 
the transmission system. 

Fig. 15 is a diagram showing an explanatory page 
transmitted In the transmission system. 
Fig. 16 is a sequence diagram for explaining the op- 
eration of the transmission system. 
Fig. 17 is a sequence diagram for explaining the op- 
eration of the transmission system. 
Fig. 18 is a sequence diagram for explaining the op- 
eration of the transmission system. 
Fig. 19 is a block diagram for explaining another op- 
eration of the transmission system. 
Fig. 20 is a sequence diagram for explaining anoth- 
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er operation of the transmission system. 

Best Mode of Carrying out the Invention 

[0017] Hereinafter, by referring to figures, a transmis- 
sion system, which is one mode of the present invention 
is explained. In figures, identical codes are given to com- 
mon portions. 

(1) Configuration 

[001 8] As shown in Fig . 1 , in the transmission system, 
IP server units 12 to 14 are connected to Internet 11. IP 
server unit 12 is administered by the first IP (Internet 
Provider), and IP server units 13 and 14 are adminis- 
tered by the second IP, which differs from the first IP. IP 
server units 12 to 14 constitute WWW, and each is 
equipped with similar hardware and functions to those 
of a general WWW server unit. Mobile packet commu- 
nication network 15 Is a network a communication pro- 
vider uses to provide a mobile packet communication 
service. Mobile unit 16 can perform radio packet com- 
munication with mobile packet communication network 
15. Gateway server unit 17 is administered by an iden- 
tical communication provider to that of mobile packet 
cornmunication network 1 5. Gateway server unit 1 7 is a 
unit for connecting mobile packet communication net- 
work 15 and Internet 11, and has similar configuration 
to that of a general gateway server unit. Administering 
server unit 1 8 is connected to gateway server unit 1 7 by 
an exclusive line. Administering server unit 1 8 also con- 
stitutes WWW, and has similar hardware and a function 
to those of a general WWW unit. Gateway server unit 
17 performs packet communication between mobile 
packet communication network 15 and Internet 11, 
packet communication between administering server 
unit 18 and mobile packet communication network 15, 
and packet communication between administering serv- 
er unit 1 8 and Internet 11 . Mobile unit 16, by using the 
relaying function, is able to perfonn packet communica- 
tion with IP server units 1 2 to 14 via mobile packet com- 
munication network 15 and Internet 11 . Several mobile 
units exist In the actual transmission system, but only 
one mobile unit 16 isshown to avoid complicating the 
figures. For the same reason, only IP server units 12 to 
14 are shown.. 

[0019] In the transmission system, mobile unit 16 is 
capable of receiving Java-AP software from the desired 
site on Internet 1 1 . Software which mobile unit 1 6 is ca- 
pable of receiving is distinguished between the one per- 
taining to a trusted Java-AP and the one pertaining to a 
non-tmsted Java-AP. A trusted Java-AP software is one 
which the communication provider administering mobile 
packet communication network 15 guarantees authen- 
ticity of on the basis of the contract with IP administering 
IP server units 1 2 to 1 4. A non-trusted Java-AP software 
is any Java-AP software other than a trusted Java-AP 
software. 



[0020] Administering server unit 18 stores each SDF 
(Security Descriptive File) pertaining to each tmsted 
Java-AP software, which is transmitted In the transmis- 
sion system. SDF is a file, which is produced by thecom- 

5 munication provider administering mobile packet com- 
munication network 15, and is the file necessary for 
downloading Into a mobile unit the Java-AP software, 
which uses trusted API (Application Interface) of the 
mobile unit. An explanation of trusted API will follow lat- 

10 er. As shown in Fig.6, an SDF contains an ARID for de- 
tecting trusted Java-AP software, policy infomiation. 
ADF-URL showing the location where an ADF corre- 
sponding to the Java-AP software is stored, and public 
key CA (Certifying Agent) gives to IP which provides the 

15 Java-AP software. Policy information is the information 
showing restriction on the operation of Java-AP. Policy 
information and the restriction on Java-APs operation 
carried out on the basis of the policy information will be 
explained in detail afterwards. 

20 [0021] In the present embodiment, when a tmsted 
Java-AP software is transmitted to mobile unit 1 6 by one 
of IP server units 12 to 14, an SDF corresponding to the 
trusted Java-AP software is transmitted to mobile unit 
16 by administering server unit 18 in response to the 

25 request from mobile unit 16. in mobile unit 16, when a 
trusted Java-AP software is executed, restriction on the 
trusted Java-AP's operation is carried out on the basis 
of the SDF corresponding to the trusted Java-AP. This 
Is one characteristic of the present, embodiment. As 

30 shown in Flg.1, transmission ofthe SDF Is carried out 
via mobile packet communication network 15, and ad- 
ministering server unit 18 and gateway server unit 17 
are connected by an exclusive line. Also, for transmis- 
sion, the SDF is encrypted. 

35 [0022] Hereinafter, with regard to relevance to the 
characteristics, the configuration of each element of the 
transmission system will be explained. 
[0023] IPserverunits 12, 13and 14 are equipped with 
fixed memory 12A, 13A and 14A respectively. 
. 40 [0024] Fixed memory 12A, 13A and 14A are fixed 
memories such as a hard disc, and store Java-AP soft- 
ware constituting Jar flies and ADF, and explanatory 
files on the content of Java-AP software for users of mo- 
bile units. 

45 [0025] Each Java-AP software stored in fixed memory 
12A, 13A and 14A might be either trusted Java-AP soft- 
ware or non-trusted Java AP software. Whether 
Java-AP is a trusted Java-AP or a non-trusted Java-AP, 
in each ADF of Java-AP software, information such as 

50 a package URL showing the location where a Jar file in 
WWW is stored, infomiation showing the size of the Jar 
file, and information showing the date ofthe most recent 
update are written. Such information Is generally known 
as items to be written in the ADF of a Java-AP software. 

55 Also, the ADF of a trusted Java-AP software, as shown 
In Fig.2, contains an APID of the trusted Java-AP and 
the hash value of the Jar file besides the generally 
known infomnation. Furthermore, the ADF of a trusted 
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Java-AP software is encrypted by a secret key which 
CA gives to an IP which provides the software. 
[0026] Also, the explanatory file is a text file written in 
accordance with HTML. A mobile unit, when a certain 
Java-AP software is downloaded, needs to download 
beforehand the explanatory file corresponding to the 
Java-AP software. The explanatory file contains infor- 
mation for forming Ul (User Interface) for receiving from 
the user the command for downloading Java-AP soft- 
ware. Mobile unit 16 displays the Ul screen in accord- 
ance with the infomnation. The user can carry out the 
operationon mobile unit 16 for specifying the object 
showing the desired Java-APon the Ul screen. The ex- 
planatory file is written for the object specified by the 
user in this manner so as to correspond to the URL 
showing where in WWW the SDF ( ADF if SDF does not 
exist) corresponding to Java-AP software which is the 
object for downloading is located. 
[0027] Each of IP sen/er units 12 to 14 is equipped 
with the function of producing and updating each of the 
above-mentioned files In accordance with the command 
of an IP. 

[0028] Administering server unit 18 is equipped with 
fixed memory 1 8A such as a hard disc. Administering 
server unit 18 establishes a TCP connection with the 
party. When administering server unit 18 receives a re- 
quest message which uses the GET method of HTTP 
from the party via a TCP connection, administering serv- 
er unit 1 8 reads out the file identified by the URL spec- 
ified by the GET method from fixed memory 18A, and 
returns a response message of HTTP containing the file, 
and severs the connection. 

[0029] Also, in the above-mentioned fixed memory 
1 8A are stored, list file 200 for introducing to the user of 

mobile unit 16 downloadable Java-AP software, and re- 
spective SDF corresponding to each Java-AP software 
which is listed in list file 200. 

[0030] Listfile200,asSDF, is the file produced by the 
communication provider in accordance with the contract 
signed by each IP which administers IP server units 12 
to 14, and the communication provider which adminis- 
ters administering server unit 1 8. Listfile 200 is a text file 
written in accordance with HTML. As already explained, 
the mobile unit needs to obtain the explanatory file con- 
taininga URL of an SDF to download the SDF of certain 
Java-AP software. Mobile unit 1 6 can obtain the explan- 
atory file directly by accessing the I P server unit in which 
the explanatory file is stored. However, in the present 
embodiment, mobile unit 16 can obtain the explanatory 
file of the desired Java-AP softwarealso by the following 
process as opposed to the above-mentioned direct 
method. First, mobile unit 16, by accessing administer- 
ing server unit 18, obtains listfile 200, and displays the 
Ul screen accordingly. The user can carry out the oper- 
ation on mobile unit 1 6 to specify the object showing the 
desired Java-AP on the Ul screen. Listfile 200 matches 
the object specified by the user to a URL showing the 
location of the explanatory file of Java-AP software in 



WWW which is the object of downloading. Mobile unit 
16, by using the URL obtained via list file 200, obtains 
the explanatory file from the IP server unit. 
[0031] Mobile unit 16 consists of, as shown in Fig.3, 

5 OS (Operating System) software; ROM 16A in which 
Java-AP environment software for establishing the en- 
vironment for executing the Java-AP, and several types 
of native AP software are stored; CPU 16B which iscon- 
nectedto ROM 16A for reading out a program from ROM 

10 16A and executing the program; displaying unit 16C 
which is connected to CPU 16B; fixed memory i6D; 
RAM 16E; communication unit 16F; and operation unit 
16G. 

[0032] . Displaying unit 16C has, for instance, a liquid 

IS crystal displaying panel, and displays data provided by 
CPU 16B as an image. Fixed memory 16D is, for in- 
stance, SRAM or EEPROM, and data Is read and written 
by CPU 16B. Fixed memory 16D Is used to store. 
Java-AP software (ADF and Jar) downloaded from a 

20 server unit (hereinafter, refen-edtoasa Webserverunit) 
constituting WWW, and an SDF. 
[0033] Communication unit 1 6F perfomris radio pack- 
et communication with mobile packet communication 
network 15, and relays packets between CPU 1 6B and 

25 mobile packet communication network 15. Also, com- 
• munication unit 1 6F is equipped with CODEC, a micro- 
phone, a speaker and so forth for communication be- 
sides an antenna or a radio transmission and reception 
unit. Hence, mobile unit 16, by communication unit 16F, 

30 can perform communication by circuit switching via a 
mobile communication network (not shown). Operation 
, unit 16G is equipped with an operation controller, and 
provides CPU 1 6B a signal in accordance with the oper- 
ation camed out by the operation controller. 

35 [0034] As the switch (not shown) is turned on, CPU 
16B reads out the program contained in OS software 
from ROM 16A, and executes with RAM 1 6E as a wori< 
area. As a result, functions for providirig Ul and so forth 
are executed in CPU 16B. In other words, CPU 16B ac- 

40 tivates OS software, and executes OS of Fig.4 in mobile 
unit 16. OS identifies the command of the user on the 
basis of the signal provided by operation unit 16G and 
the status of Ul, and executes the process in accord- 
ance with the command. 

45 [0035] When the command of the user requests acti- 
vation of communication software, which Is native AP 
software, OS activates the communication software, 
and executes communication AP in mobile unit 16. By 
using communication AP, the user can communicate 

50 with the party. 

[0036] When the command of the user requests the 
activation of telephone directory AP, which is native AP 
software, OS activates thetelephone directory software, 
and executes telephone directory AP in mobile unit 1 6. 

55 By using telephone directory AP, the user can refer to, 
use, and change the content of the telephone directory 
(hereinafter, referred to as telephone directory data) 
stored in fixed memory 16D. 
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[0037] When the command of the user requests the 
activation of Web browser software, which is native AP 
software, OS activates Web browser software, and ex- 
ecutes the Web browser in mobile unit 1 6. Also, the Web 
browser provides Ul. Then, as the user gives the com- 
mand by operating operation unit 1 6G, the Web browser 
identifies the command of the user on the basis of the 
status of Ul and the signal provided by operation unit 
16G, and executes the process in accordance with the 
command. For instance, when the command is for ob- 
taining the specified file from WWW, a TCP connection 
is established by operating communication unit 1 6F with 
the Web server unit in which the file is stored, a request 
message of HTTP using the GET method is transmitted 
by URL showing the specified location, a response mes- 
sage corresponding to the request message is received, 
and the connection is severed. Furthermore, the Web 
browser interprets the file contained in the received re- 
sponse message in accordance with HTML, produces 
Ul containing the Web page, and provides the user. Al- 
so, when a user sends a command for downloading 
Java-AP software, the command is notified to JAIVI 
(Java Application l^/lanager). Specifically, in a Web page, 
either by clicking or pressing, when an anchor tag to 
which the object tag is specified is designated, the Web 
browser extracts URL which is specified as data prop- 
erty of the object tag, and n otif ies JAM that downloading 
of Java-AP software by URL is requested. 
[0038] When the command of the user requests the 
activation of JAM software, which is native AP software, 
OS activates JAM software, and executes JAM in mo- 
bile unit 16. JAM shows to the user a list of Java-AP 
software installed in mobile unit 1 6, and activates the 
Java-AP software specified by the user. Specifically, 
when the command of the user to JAM requests the ac- 
tivation of Java-AP software, Java-AP environment soft- 
ware is activated, and Java-AP environment is executed 
in mobile unit 16. Then, the specified Java-AP software 
is activated, and Java-AP is executed in Java-AP envi- 
ronment. Java-AP environment contains KVM which is 
a lightweight Java Virtual Machine appropriate to a cel- 
lular terminal, and API provided for Java-AP. API pro- 
vided for Java-AP is divided into trusted API which only 
Java-AP whose trustworthiness is guaranteed by the 
communication provider on the basis of the contract with 
the IP (hereinafter, referred to as trusted AP) is allowed 
to use, and non-trusted API which any Java-AP is al- 
lowed to use. 

(2) Operation 

[0039] Hereinafter, the operation of the present em- 
bodiment is explained. JAM, when a command for re- 
questing the downloading of Java-AP is notified by the 
Web browser, carries out the process for downloadin- 
gand installing Java-AP software into mobile unit 16. 
The flow of the process is shown in Fig. 5. In Fig.5, the 
process of mobile unit 16 for obtaining the explanatory 



file is omitted. Since some different modes exist for the 
process of obtaining the explanatory file, the process will 
belater explained with some specific examples of the 
operation. As shown in Fig.5, JAM first determines 

5 whether Java-AP software, which is about to be down- 
loaded, is trusted Java-AP software (Step S11 ). Specif- 
ically, when mobile unit 16 obtains the explanatory file, 
the Web browser provides the user Ul corresponding to 
the explanatory file, and receives the command for 

10 downloading Java-AP software from the user. The Web 
browser notifies JAM of URL of the Java-AP software 
specified by the user. JAM refers to the file name at the 
end of the URL notified by the Web browser, and deter- 
mines .that the software is trusted Java-AP software if 

15 the extension of the file is "sdf", and non-tmsted 
Java-AP software if the extension of the file is not "sdf ." 
When the Java-AP software, which is about to be down- 
loaded, is determined as trusted Java-AP software, the 
downloading and installation processes identical to the 

20 conventional processes are carried out (Step SI 2). 
[0040] When the Java-AP software, which is about to 
be downloaded, is determined as trusted Java-AP soft- 
ware, JAM obtains the SDF corresponding to the soft- 
ware from administering server unit 18 (Step S13). In 

25 other words, JAM establishes the TCP connection with 
administering server unit 1 8, produces and transmits via 
the TCP connection a request message requesting ad- 
ministering server unit 1 8 for transmission of the SDF 
stored in the location shown by URL notified by the Web 

30 browser, receives the response message to the request 
message, and severs the above-mentioned connection. 
[0041] Then. JAM extracts APID. ADF-URL, and the 
, public key from SDF contained in the response mes- 
" sage, and writes SDF into fixed memory 16D. 

35 [0042] Next, JAM obtains ADF (Step S14). Specifical- 
ly, JAM establishes the TCP connection with the Web 
server unit in which ADF identified by ADF-URL extract- 
ed from SDF is stored, produces and transmits a request 
message for requesting transmission of ADF, receivesa 

40 response message to the request message, and severs 
the TCP connection. 

[0043] As already explained, an ADF corresponding 
to trusted Java-AP software, contains the hash values 
of an APID and a Jar file, and further signed (encrypted) 

45 by the secret l<ey CA gives to the IP which provides the 
trusted Java-AP software. Then, JAM checks (decodes) 
thesignatureof the ADFcontained in the response mes- 
sage by using the public key extracted from the SDF, 
and detennines the authenticity of the ADF (Step S16). 

50 [0044] When an ADF is determined to be authentic, 
the JAM compares the APID extracted from an SDF to 
an APID contained in the ADF, and detemiines whether 
these APIDs match (Step SI 6). When these APIDs are 
detennined to match, JAM detemnines whether the 

55 trusted Java-AP software can be installed in mobile unit 
16 on the basis of the content ofthe ADF (Step SI 7). 
The basis of determination is Identical to the conven- 
tional basis. 
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[0045] When installation is determined to be possible, 
JAM obtains the Jar file. Speclficafly, JAM writes the 
ADF into mobile unit 16, and extracts the hash value 
and package URL from the ADF. Furthermore, JAM es- 
tablishes the TCP connection with the Web server unit s 
in which the Jarflle identified by package URL is stored, 
produces and transmits a request message for request- 
ing transmission of the Jar file, receives the response 
message to the request message, and severs the TCP 
connection (Step SI 8). 

[0046] Furthermore, JAM calculates the hash value to 
the obtained Jar file (Step S19). Any hash function can 
be used to calculate the hash value, but the hash value 
used by the mobile unit and the hash vaiuethe IP uses 
for calculating the hash value contained in the ADF must 
be identical. 

[0047] JAM compares the hash value calculated by 
JAM to the hash value extracted from the ADF (Step 
S20), writes the obtained Jarfile into administering serv- 
er unit 18 when these hash values match, carries out 20 
several kinds of processes pertaining to installation of 
trusted Java-AP software (Step S21), and notifies the 
user that installation is successful (Step S22). 
[0048] When an ADF is detennined not to be authen- 
tic, when an APID of an SDF and an APID of an ADF do 25 
not match, when the Java-AP software which is about 
to be installed is determined not to be installable, and 
when the calculated hash value and the hash value ofan 
ADF do not match, the JAM notifies the user that instal- 
lation has failed, and returns the status of mobile unit 16 30 
to thestatus that exists before the acquisition of the SDF 
starts. 

[0049] Also, JAM supervises the operation of 
Java-AP, and restricts the use of the trusted API. The 
restriction is carried out in accordance with policy Infor- 35 
mation in SDF stored in fixed memory 16D. Policy infor- 
mation in SDF, for Instance, is the content conceptually 
shown in Fig. 7. In the policy Information shown in Fig. 
7, the use of the necessary trusted API "getPhoneList 
0" for referring to telephone number directory data, and 40 
the necessary trusted API "getMsStatus()" for obtaining 
the status of the mobile unit stored in the mobile unit are 
allowed, and the use of the necessary trusted API for 
referring to history data of transmission and reception 
"getCall History 0" stored In the mobile unit is forbidden. 45 

(3) Specific Operation 

[0050] Next, the operation of the above-mentioned 
system is explained. so 
[0051] In the operation explained below, establish- 
ment of the TCP connection and severing operation are 
general operations of HTTP; therefore, the explanation 
is omitted. Also, the above-mentioned operations car- 
ried out by OS, the Web browser, JAM, Java-AP, native 55 
AP and so forth are operations of mobile unit 1 6; there- 
fore, in the following explanation, the main unit which 
carries out the operation is mobile unit 16. 
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[0052] In the operation explained hereinafter, the fol- 
lowing case is the presupposition. First, as shown in Fig. 
8, in fixed memory ISA of administering server unit 18, 
are stored list file 200 and SDF 204. Atthis stage, listf lie 
200 is written to provide list page 201 shown in Fig. 9 
when interpreted and executed by mobile unit 1 6. Also, 
list file 200 is written, when option 201 A constituting list 
page 201 is specified either by being clicked or pressed, 
to produce a request message containing URL of ex- 
planatory file 202 ("http://www.maln.bbb.co.jp/ghi. 
html") as a parameter of the GET method. Moreover, list 
file 200 Is written, when option 201 B constituting list 
page 201 is specified, to produce a request message 
containing URL of explanatory file 207 ("http://www.ccc. 
co.jp/jkl.htmr) as a parameter of the GET method. 
[0053] Also. SDF 204 contains "0001 " as APID, Infor- 
mation shown in Fig.7 as policy information, "http:// 
www.main.bbb.co.jp/vi6wer.jam" as ADF-URL, and 
public key CA gives to IP which administers IP server 
unit 13 and IP sender unit 14. 

[0054] Also, in fixed memory 12A of IP server unit 12, 
are stored explanatory file 211 con-esponding to 
Java-AP software of thetltle "tsume-shogi" (a game sim- 
ilar to "chess ") (hereinafter, refen^ed to as the first 
Java-JP software), ADF 213, and Jar file 21 4. Explana- 
tory file 21 1 , ADF 21 3, and Jar file 21 4 are produced by 
IP administering IP server unit 12. The content of ex- 
planatory file 211 is shown in Fig. 10. Explanatory file 
21 1 is written to provide explanatory page 21 2 shown in 
Fig. 11 when interpreted and executed by mobile unit 
16. Also, ADF 213 contains URL of Jar file 214 ("http:// 
www.ccc.co.jp/shogl.jar") as package URL. 
[0055] Also, in fixed memory 1 2A of IP server unit 1 2, 
are stored explanatory file 207 corresponding to 
Java-AP software of the title "horoscope" (hereinafter, 
referred to as the second Java-AP software), ADF 209, 
and Jarfile 21 0. Explanatory file 207, ADF 209, and Jar 
file 21 0 are produced by IP administering IP server unit 
12. The content of explanatory file 207 is shown in Fig, 
1 2. Explanatory file 207 is written to provide explanatory 
page 208 shown in Fig. 13 when interpreted and exe- 
cuted by mobile unit 1 6. Also, ADF 209 contains URL of 
Jar file 210 ("http://www.ccc.co.jp/horoscope.jar") as 
package URL. 

[0056] Also, in fixed memory 13A of IP server unit 13, 
are stored explanatory file 202 corresponding to 
Java-AP software of the title "telephone number direc- 
tory viewer" (hereinafter, refen^ed to as the third Java-AP 
software), ADF 205, and Jar file 206. Explanatory file 
202, ADF 205, and Jar file 206 are produced by IP ad- 
ministering IP server unit 13 and IP server unit 14. The 
content of explanatory file 202 is shown in Rg.14. Ex- 
planatory file 202 is written to provide explanatory page 
203 shown in Fig. 15 when interpreted and executed by 
mobile unit 16. ADF 205 contains "0001" as APID, the 
hash value of Jar file 206, URL of Jar file 206 ("http:// 
www.main.bbb.co.jp/viewer.jar") as package URL, and 
Is signed by secret key CA gives to IP administering IP 
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server unit 13, and IP server unit 14. 
[0057] Also, mobile unit 16 is In the status in which 
the first to the third Java-AP software can be download- 
ed. 

(2-1) Installation Operation 

[0058] First, the operation of installing Java-AP soft- 
ware in mobile unit 16 is explained with reference to 
each Java-AP software. 

(2-1-1) First Java-AP Software 

[0059] The Installation operation of the first Java-AP 
software begins when the user finds the IP server unit 
In which Java-software he/she desires is stored, and 
then tries to obtain explanatory file 211 in the Web 
browser by operating mobile unit 1 6. First, in mobile unit 
16, request message tm 12 containing URL of explan- 
atory file 211 ("httpy/www.ccc.co.jp/mno.htmr) as a pa- 
rameter of the GET method is produced. Request mes- 
sage tm 12 is, as shown in Fig. 16, transmittedby mobile 
unit 16, and is received by IP server unit 12. In IP server 
unit 12, response message tm 13 containing explana- 
tory file 211 is produced in response to the content of 
request message tm 12. Response message tm 13 is 
transmitted by IP server unit 12, and is received by mo- 
bile unit 16. In mobile unit 1 6, Ul corresponding to the 
content of explanatory file 211 is provided to the user. 
As a result, in displaying unit 1 6C, explanatory page 21 2 
shown, for Instance, in Fig. 11 is displayed. 
[0080] When the user sees explanatory page 212, 
and operates mobile unit 16 to hit anchor 21 2A in ex- 
planatory page 21 2, the value specified as ijam property 
of the anchor tag written in explanatory file 211 of Fig. 
10 (the tag which begins with "<A") identifies the object 
tag specified as id property (the tag which begins 
with''<OBJECT") in mobile unit 16. Then, URL specified 
as data property of the object tag ("httpy/www.ccc.co. 
jp/shogi.jam") is extracted, and determination of Step 
S1 1 of Fig. 5 is carried out. I n the present example, since 
the extension of URL is not sdf, the ordinary process 
(Step 812) is carried out. In other words, the process Is 
carried out as follows. First, request message tm 1 6 for 
requesting transmission of ADF 213 identified by the 
URL is produced. Request message tm 16 is transmit- 
tedby mobile unit 16, and is received by IP server unit 
12, In IP server unit 12, response message tm 17 con- 
taining ADF 21 3 is produced in response to the content 
of request message tm 16. Response message tm 17 
is transmittedby IP server unit 12, and is received by 
mobile unit 1 6. 

[0061] In mobile unit 16, on the basis of the content 
of ADF 213, whether the first Java-AP software can be 
installed is determined. As mentioned above, since mo- 
bile unit 16 is In the status in which the first Java-AP 
softwarecan be installed, installation of the first Java-AP 
software is determined to be possible in mobile unit 1 6. 



[0062] Then, in mobile unit 1 6, ADF 21 3 is written into 
fixed memory 1601. Also, in mobile unit 16, package 
URL ("http://www.ccc.co.jp/shogi.jar") is extracted from 
ADF 21 3, and request message tm 1 8 requesting trans- 

5 mission of Jar file 214 Identified by the package URL is 
produced. Request message tm 18 is transmitted by 
mobile unit 16, and Is received by IP server unit 12. In 
IP server unit 12, response message tm 19 containing 
Jar file 214 is produced in response to the content of 

10 request message tm 18. Response message tm 19 is 
transmitted by IP server unit 12, and Is received by mo- 
bile unit 1 6. In mobile unit 1 6, Jar file 21.4 Is written into 
fixed memory 16D1 , and installation of the first Java-AP 
software is completed. 

15 [0063] When the first Java-AP software is detennined 
as not installable in mobile unit 1 6, the status of mobile 
unit 16 returns to the statusthat existed before the ac- 
quisition of ADF 213 began. 

20 (2-1 -2) Second Java-AP software 

[0064] The installation operation of the second 
Java-AP software begins when the user tries to obtain 
explanatory file 207 by operating mobile unit 16. As al- 

25 ready explained, explanatory file 207 can be obtained 
eitherby directly accessing the relevant IP server or 
through list file 200, but only the operation which begins 
with trying to obtain list file 200 is explained. 
[0065] As shown in Fig. 17, in mobile unit 1 6, request 

30 message tm 20 containing URL of list file 200 ("http:// 
www.aaa.co.jp/def.html") as a parameter of the GET 
method is produced. Request message tm 20 is trans- 
mitted by mobile unit 16, and is received by administer- 
ing server unit 18. In administering server unit 18, re- 

35 sponse message tm 21 containing list file 200 Is pro- 
duced in response to the content of request message 
tm 20. Response message tm 21 Is transmitted by ad- 
ministering server unit'1 8, and is received by mobile unit 
1 6. In mobile unit 1 6, when response message tm 21 is 

40 received, list file 200 in response message tm 21 is in- 
terpreted in accordance with HTML, and U I correspond- 
ing to the content of list file 200 is provided to the user 
of mobile unit 16. As a result, in displaying unit 16C of 
mobile unit 16, list page 201 shown, for instance, in Fig. 

45 9 is displayed. 

[0066] When the user, after seeing list page 201 , op- 
erates mobile unit 1 6 to hit option 201 B in list page 201 , 
request message tm 22 containing URL ("http^AAn/vw. 
ccc.co.jp.jkl.htmr) corresponding to option 201B as a 

50 parameter of the GET method is produced. Request 
message tm 22 is transmitted by mobile unit 1 6, and is 
received by IP server unit 12. In IP server unit 12, re- 
sponse message tm 23 containing explanatory file 207 
is produced in response to the content of request mes- 

55 sage tm 22. Response message tm 23 is transmitted by 
IP server unit 12, and is received by mobile unit 16. In 
mobile unit 16, Ul corresponding to the content of ex- 
planatory file 207 is providedto the user. As a result, in 
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displaying unit 16C, explanatory page 208 shown, for 
instance, in Fig. 13 is displayed. 
[0067] When the user, after seeing explanatory page 
208, operates mobile unit 16 to hit anchor 208A in ex- 
planatory page 208, the value specified as ijam property 
of the anchor tag written in explanatory file 207 of Fig. 
12 (the tag which begins with "<A") identifies the object 
tag specified as Id property (the tag which begins with 
"<OBJECT'). Then, URL specified as data property of 
the object tag ("httpV/www.ccc.co.jp/horoscope.jam") is 
extracted, and detenninatlon of Step S11 of Fig.5 is car- 
ried out. In this example, since the extension of URL is 
not sdf.an ordinary process (Step S 12) is carried out. 
In other words, the process is earned out as follows. 
First, request message tm 26 requesting transmission 
of ADF 209 identified by the URL is produced. Request 
message tm 26 Is transmittedby mobile unit 16, and is 
received by IP server unit 12. In IP server unit 12, re- 
sponse message tm 27 containing ADF 209 corre- 
sponding to the content of request message tm 26 is 
produced. Response message tm 27 Is transmittedby 
IP server unit 12, and Is received by mobile unit 16. 
[0068] In mobile unit 16, on the basis of the content 
of ADF 209, whether the second Java-AP software can 
be installed is detemnined. As mentioned above, since 
mobile unit 16 Is in the status in which the second 
Java-AP software can be Installed, the second Java-AP 
software is determined as installable In mobile unit 1 6. 
[0069] Next, In mobile unit 1 6, ADF 209 is written Into 
fixed memory 16D 1. Also, In mobile unit 16, package 
URL ("http://www.ccc.co,Jp/horoscope.jar") Is extracted 
from ADF 209, and request message tm 28 requesting 
transmission of jarfile 21 0 identified by paclcage URL is 
produced. Request message tm 28 is transmitted by 
mobile unit 16, and is received by IP server unit 12. In 
IP server unit 12, response message tm 29 containing 
Jar file 21 0 In response to the content of request mes- 
sage tm 28 Is produced. Response message tm 29 is 
transmitted by IP server unit 1 2, and is received by mo- 
bile unit 1 6. In mobile unit 1 6, Jar file 21 0 Is written Into 
. fixed memory 16D1, and installation of the second 
Java-AP software is completed. 
[0070] When the second Java-AP software is deter- 
mined as not installable in mobile unit 16, the status of 
mobile unit 16 returns toa previous status, that which 
existed before the acquisition of ADF 209 began. 

(2-1-3) Third Java-AP Software 

[0071] The installation operation of the third Java-AP 
software begins when the user tries to obtain explana- 
tory file 202 by operating mobile unit 1 6. In the operation , 
mobile unit 16 obtains relevant list file 200, determines 
where explanatory file 202 exists, and tries to obtain ex- 
planatory file 202. 

[0072] As shown in Fig. 1 8, In the operation which be- 
gins by trying to obtain list file 200, an operation identical 
to the operation shown in Fig. 17 Is carried out till list 



page 201 shown, for instance, in Fig. 9 is displayed after 
mobile unit 1 6 receives response message tm 21 . When 
the user, after seeing list page 201 , operates mobile unit 
1 6 to hit option 201 A In list page 201 , request message 

5 tm 32 containing URL con^esponding to option 201A 
("httpy/www.main.bbb.co.jp/ghi.html") as a parameter 
of the GET method Is produced in mobile unit 16. Re- 
quest message tm 32 is transmitted by mobile unit 16, 
and Is received by IP server unit 13. In IPserver unit 13, 

10 response message tm 33 containing explanatory file 
202 in response to the content of request message tm 
32 is produced. Response message tm 33 is transmitted 
by IP server unit 13, and is received by mobile unit 16. 
In mobile unit 16, the user is provided with Ul corre- 

15 spending to the content of explanatory file 202. As a re- 
sult, in displaying unit 16C, explanatory page 203 
shown, for instance,. in Fig. 15 is displayed. 
[0073] When the user, after seeing explanatory page 
203, operates mobile unit 16 to hit anchor 203A in ex- 

20 planatory page 203, the value specified as Ijam property 
of the anchor tag written In explanatory file 202 in Fig. 
14 (the tag which begins with "<A") identifies the object 
tag specified as id property (the tag which begins by 
"<OBJECT"). Then, URL specified as data property of 

25 the object tag ("http://www.aaa.co.jp/abc.sdf") is ex- 
tracted, and detenni nation of Step S1 1 in Fig. 5 is carried 
out In the example, the extension of URL is sdf; there- 
fore, the process of step S 13 and thereafter is carried 
out. In other words, the process is carried out as follows. 

30 First, request message tm 34 requesting transmission 
of SDF 204 identified by the URL Is produced. Request 
message tm 34 is transmitted by mobile unit 1 6, and is 
received by administering server unit 18. In administer- 
ing server unit 1 8, response message tm 35 containing 

35 SDF 204 In response to the content of request message 
tm 34 Is produced. Response message tm 35 Is trans- 
mitted by administering server unit 18, and received by 
mobile unit 16 via gateway server unit 17 and mobile 
packet communication network 1 5. The communication 

40 path between administering server unit 1 8 and gateway 
server 1 7 is an exclusive line, and since gateway server 
unit 17 is directly connected to mobile packet commu- 
nication network 1 5 whose security is assured, SDF 204 
can not be falsified until SDF 204 is received by mobile 

45 unit 1 6 (thereinbefore, Step S 1 3). 

[0074] in mobile unit 1 6, SDF 204 is written into fixed 
memory 16D 1 of fixed memory 16D. Also, In mobile unit 
16, APID C0001"), ADF-URL ("http://www.maln,bbb.co. 
jp/viewer.jam"), and the public key are extracted from 

50 SDF 204, and request message tm 36 requesting trans- 
mission of ADF 205 identified by ADF-URL is produced. 
Request message tm 36 is transmitted by mobile unit 
16, and is received by IP server unit 13. In IP server unit 
1 3, response message tm 37 containing ADF 205 in re- 

55 sponse to the content of request message tm 36 is pro- 
duced. Response message tm 37 is transmitted by IP 
server unit 13, and is received by mobile unit 1 6 (there- 
inbefore, Step S 14). 
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[0075] In mobile unit 16. authenticity of ADF 205 is 
detemiined by using the public key extracted from SDF 
204 (Step S 15). As mentioned above, since the public 
key contained In SDF 204 corresponds to the key used 
for the signature on ADF 205, ADF 205 is detennined 5 
to be authentic as far as ADF 205 is not changed In IP 
server unit 13, or on the communication path between 
IP server unit 13 and mobile unit 16. 
[0076] When ADF 205 is determined to be authentic, 
in mobile unit 1 6, ARID extracted from SDF 204 and AP- io 
ID contained in ADF 205 are compared (Step 81 6). As 
' mentioned above, since ARID which matches ARID in 
SDF 204 is written in ADF 205 in I P server unit 1 3, APID 
extracted from SDF 204 and APID contained in ADF205 
match as long as the description is correct. 
[0077] When ARID match, in mobile unit 16, whether 
the third Java-AP software can be Installed is deter- 
mined on the basis of the content of ADF 205 (Step 
SI 7). As mentioned above, since mobile unit 1 6 Is In the 
status In which the third Java-AR software can be in- . 20 
stalled, the third Java-AP software is detennined to be 
Installable in mobile unit 16. 

[0078] Then, in mobile unit 1 6, ADF 205 is written into 
fixed memory 16D1. Also, In mobile unit 16, the hash 
value and package URL ("http://www.main.bbb.co.jp/ 25 
viewer.jar") are extracted, and request message tm 38 
requesting transmission of Jar file 206 Identified by the 
package URL is produced. Request message tm 38 is 
transmitted by mobile unit 1 6, and is received by IP serv- 
er unit 13. In IP server unit 13, response message tm 30 
39 containing Jar file 206 corresponding to the content 
of request message tm 38 is produced. Response rjies- 
sage tm 39 is transmitted by IP server unit 13, and is 
received by mobile unit 16 (thereinbefore, Step SI 8). 
[0079] In mobile unit 16, the hash value is calculated 35 
by using Jar file 206 and the specific hash function (Step 
SI 9), and the calculated hash value and the hash value 
extracted from ADF 205 are compared (Step 820). As 
mentioned above, the hash value of the Jar file corre- 
sponding to ADF 205 is written In ADF 205; therefore, 40 
these hash valueswould match as long as the descrip- 
tion is correct. When these hash values match, in mobile 
unit 16, Jar file 206 is written into fixed memory 16D1 , 
and the installation of the third Java-AP software is com- 
pleted (Step S21 and S22). 45 
[0080] When ADF 205 is determined to be not authen- 
tic In mobile unit 1 6, when ARID extracted from SDF 204 
and ARID contained in ADF 205 do not match, when the 
third Java-AP software Is determined to be not Installa- 
ble, or when the calculated hash value and the hash val- 50 
ue extracted from ADF 205 do not match, afailure notice 
is sent to the user (Step 823), and the status of mobile 
unit 1 6 returns to a previous status that which existed 
before the acquisition of SDF 204 began. 
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(2-2) Operation of Mobile Unit 16 When Java-AP 
Software Is Activated 

[0081] Next, the operation of mobile unit 16 when 
Java-AP software is activated will be explained. 

(2-2-1) Fist Java-AP Software 

[0082] The operation of mobile unit 1 6, when the first 
Java-AP software installed by the above-mentioned In- 
stallation operation is activated in mobile unit 1 6 In whk^h 
JAM is achieved, and the functions corresponding to the 
software (hereinafter, referred to as the first Java-AP) 
are achieved will be explained. 
[0083] When API, which the first Java-AR is about to 
use is non-trusted API, the use of the API is approved 
by JAM. Hence, the first Java-AP can use the API. 
[0084] On the other hand, when API, which the first 
Java-AR Is about to use is trusted API, JAM checks 
whether SDF corresponding to the Java-AR is stored in 
fixed memory 1 6D. Since such SDF Is not stored in fixed 
memory 1 6D, JAM forbids the use of the API by the first 
Java-AP. Hence, the first Java-AP will not be able use 
the API. 

(2-2-2) Second Java-AP Software 

[0085] The operation of mobile unit 16 when the in- 
stalled second Java-AP software is activated in mobile 
unit 1 6 in which JAM Is achieved, and the functions cor- 
responding to the software are achieved, is identical to 
the operation of mobile unit 16 when the first Java-AP 
software Is activated. 

(2-2-3) Third Java-AP Software 

[0086] The operation of mobile unit 16 when the in- 
stalled third Java-AP software is activated in mobile unit 
16 in which JAM is achieved, and the functions corre- 
sponding to the software (hereinaften referred to as the 
third Java-AP) are achieved, will be explained. 
[0087] When API , which the third Java-AP is about to 
use is non-trusted API, the use of the API is approved 
by JAM. Hence, the third Java-AR can use the API. 
[0088] When API, which the third Java-AP Is about to 
use Is trusted API, the operation of mobile unit 16 de- 
pends upon the API. Hereinafter, the operation of mobile 
unit 16 is explained with regard to each API. 

(2-2-3-1) getPhoneLlstO 

[0089] Since "getPhoneListQ" Is trusted API, whether 
the API can be used is determined by JAM on the basis 
of policy Information in SDF 204 stored In fixed memory 
1 6D. The content of the policy infonnation is the content 
shown in Fig. 7; therefore, the use ofgetRhoneListO" is 
approved by JAM. Hence, the third Java-AP can use 
"getPhoneListO". In other words, the third Java-AP can 
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read but telephone number directory data. 
(2-2-3-2) getCallHistoryO 

[0090] Since "getCallHistoryO" is trusted API , wheth- s 
er the API can be used is determined by JAM on the 
basis of policy information in SDF204. Since the content 
of the policy infornnatlon is the content shown in Fig. 7, 
the use of "getCallHistoryO" 's forbidden by JAM. 
Hence, the third Java-AP cannot use "getCallHitoryO". 
In other words, the third Java-AP cannot read out history 
data of transmission and reception. 

(2-3) Operation after Third Java-AP Software Is 
Changed 

[0091 ] Next, the operation of the present systenn after 
IP, which administers IPserverunit 13and IP server unit 
1 4 changes the transmission mode or the content of the 
third Java-AP software will be explained. However, the 20 
present change includes the change of the content of 
Jar file 206 for the purpose such as the Improvement of 
the third Java-AP software, and the change of the trans- 
mission mode for the purpose such as alleviating the 
burden on IP server unit 13. To achieve the latter 25 
change, IP which administers IP server unit 13 and IP 
server unit 14, as shown In Fig. 19, stores Jar file 206 
after the change (hereinafter, referred to as Jar file 215) 
In fixed memory 14A of IP server unit 14, and produces 
ADF 21 6 by changing the content of ADF 205 in accord- 30 
ance with Jar file 215. The above-mentioned operation 
is required for transmission of the third Java-AP soft- 
ware after the change, and no operation is required for 
the communication provider, which administers admin- 
istering server unit 18. 35 
[0092] The installation operation of the third Java-AP 
software after such changes is shown in Fig. 20. The 
operation shown in Fig. 20 begins to differ from the op- 
eration shown in Fig. 18 when, In IP server unit 13, re- 
sponse message tm 47 containing ADF 21 6 is produced 40 
as opposed to response message tm 37 containing ADF 
205. Response message tm 47 corresponds to re- 
sponse message tm 37, response message tm 48 cor- 
responds to response message tm 38, and response 
message tm 49 corresponds to response message tm 45 
39. 

[0093] The operation after response, message tm 47 
is produced in IP server unit 13 essentially differs from 
the operation shown in Fig. 18 in that ADF 216 and Jar 
file 21 5 are the objects of the process; request message 50 
tm 48 requesting transmission of Jar file 215 identified 
by package URL contained in ADF 216 ("http://vww. 
sub.bbb.co.jp/viewerjar") is produced in mobile unit 1 6; 
request message tm 48 Is transmlttedby mobile unit 1 6, 
and received by IP server unit 14; response message 
tm 49 containing Jar file 215 is produced in IP server 
unit 14; and response message tm 49 is transmitted by 
IP server unit 14, and is received by mobile unit 16. 
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(3) Modification 

[0094] In the above-mentioned transmission system, 
ADF and a Jar file are transmitted by the IP server unit, 
but one or both of these can be transmitted by the ad- 
ministering server unit. 

[0095] Also, in the above-mentioned transmission 
system, the mobile unit confimns the authenticity of the 
correspondence of the producer of SDF with the pro- 
ducer of ADF on the basis of signature data using the 
secret l<ey and the public key. but the length of the proc- 
ess in the mobile unit and the IP server unit, or the 
amount of communication among the mobile unit, the 
administering server unit, and the IP server unit can be 
alleviated by not including the public key in SDF; by not 
signing ADF by using the secret key in the IP server unit; 
or by omitting the confirmation process in the mobile 
unit, according to the security level required for the sys- 
tem. 

[0096] Also, in the above-mentioned transmission 
system, the hash value of the Jar file is included in ADF 
corresponding to the Jar file; and the hash value is cal- 
culated in the mobile unit; then the authenticity of the 
correspondence of the Jar file and ADF is confimned by 
comparing the hash value in ADF to the calculated hash 
value, but the length of the process In the mobile unit 
and the I P server unit and the amount of communication 
between the mobile unit and the IP server unit can be 
alleviated by omitting the confinnatlon process without 
including the hash value In ADF depending upon the se- 
curity level req u ired f o r th e system . 
[0097] Also, in the above-mentioned transmission 
system, whether the correspondence of SDF with ADF 
(and the Jar file) Is authentic is detemiined by using the 
inherent APIDto trusted Java-AP, but authenticity of the 
con-espondence of SDF with ADF (and the Jar file) can 
be determined by using the CID inherent to the informa- 
tion provider, which provides trusted Java-AP. Also, de- 
pending upon the security level required for the system, 
the determination made on the basis of API D and CID 
can be omitted. 

[0098] Also, in the above-mentioned transmission 
system, the server is specified by using the domain 
name, but the sender canalso be specified by using the 
IP address. . 

[0099] Also, in the mobile unit, by comparing the do- 
main name of the server unit, which transmits SDF to a 
preset letter string, SDF can be determined to be au- 
thentic only when the domain name is that of a server 
unit administered by a trustworthy organization. In this 
mode, the letter string to be compared (for instance, the 
letter string showing the domain name of the communi- 
cation provider) is pre-stored in ROM or the fixed mem- 
ory of the mobile unit. When the letterstring is pre-stored 
in ROM, higher security can be assured since the letter 
string cannot be rewritten. Also, If the letter string is pre- 
stored in the fixed memory, trustworthy organizations 
can be stored after the purchase of the mobile unit; 
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therefore, excellent convenience can be provided to a 
user and a trustworthy organization. 
[0100] Also, in the above-mentioned transmission 
system, a high level of security is assured with a com- 
munication provider, which provides the communication 
path used for transmission of SDF as a trustworthy or- 
ganization, but the technological scope of the present 
invention includes the mode In which the communica- 
tion path is not provided by a trustworthy organization. 
For instance, by connecting a trustworthy organization 
to a mobile unit by using an encrypted communication 
path, the trustworthy organization can transmit SDF via 
the encrypted communication path. Also, even if the se- 
curity of the communication path Is not assured, by 
transmitting after encrypting SDF, and decoding SDF in 
the mobile unit, SDF can be transmitted with a certain 
degree of security. 

[01 01 ] in the above-mentioned transmission system, 
a file is transmitted and received in accordance with HT- 
TP, but the system can be modified to assure higher se- 
curity by using HTTPS. 

[0102] Also, in the above-mentioned transmission 
system, a trustworthy organization can be an IP, in other 
words, the administering unit could comprise an IP serv- 
er unit. 

[0103] Moreover, in the above-mentioned transmis- 
sion system, API Is the object for restricting the use by 
Java-AP, but any resource can be the object. The re- 
source can be a hardware resource. Also, the resource 
can be a network resource, or a software resource. A 
hardware resource can be a resource such as a mem- 
ory, a speaker, a microphone, an Infrared controller, LED 
(Light Emitting Diode) which a mobile unit can be 
equipped with, or an external hardware box such as DIM 
(User Identity Module) or SIM (Subscriber Identity Mod- 
ule) which functions with the mobile unit. 
[0104] Next, a network resource is explained. As 
mentioned above, the mobile unit performs radio com- 
munication with the mobile communication network. 
During radio communication, the mobile unit uses a ra- 
dio resource such as a radio channel provided by the 
mobile communication network. The radio resource is 
one of network resources. Also, the mobile unit, in a 
higher communication protocol layer than the commu- 
nication protocol layer the radio resource belongs to, us- 
es a communication resource such as a transmission 
path of packets or a communication path of the connect- 
ing network. The communication resources such as 
these are included as a networic resource. 
[01 05] Next, a software resource is explained. A soft- 
ware resource can be API, a class, a package and so 
forth. Various functions are provided by a software re- 
source, but atypical function can be a computation proc- 
ess such as encryption computation, or a function of 
transmitting or receiving data with other applications 
such as a Web browser. Also, the technological scope 
of the present invention includes the mode of restricting 
the use of a software resource, which the above-men- 



tioned external hardware box Is equipped with. 
[01 06] Incidentally, the use of a hardware resource or 
a networi< resource by Java-AP generally takes place 
by using a software resource. A mobile unit of the above- 

5 mentioned transmission system is also equipped with a 
software resource to use a hardware resource or a net- 
work resource, and by restricting the use of a software 
resource of this type, the use of a hardware resource or 
a networic resource is indirectly restricted. By Indirectly 

10 restricting in this manner, and by preparing various soft- 
ware resources, restrictions which cannot be achieved 
unless restriction on a plurality of resources are 
changed in detaii, such as giving the right to change the 
authorization of Java-AP to only trusted Java-AP, lifting 

15 the restrictlonon allowing to communicate only with a 
server unit accessed for downloading, or allowing to ac- 
cess a specific memory domain can easily be specified. 
Also, the mode of indirectly restricting the use of a soft- 
ware resource of the above-mentioned external hard- 

20 ware box by restricting the use of a software resource 
installed in the mobile unit is included in the technolog- 
ical scope of the present invention. 
[01 07] With regard to a method of expressing permis- 
sion, a flag (pennit^ortDld) con-esponding to one re- 

25 source can be used, or permissions of a plurality of re- 
sources can be denoted by one expression. 
[0108] Also, In the present invention, permission can 
be denoted to permit (or foriaid) the use of a resource 
with a plurality of types. In this case, In the mobile unit, 

30 a more precise control can be achieved. For Instance, 
since two modes (reading out and writing in) exist in the 
memory, the memory can be used for both reading out 
and writing in by trusted Java-AP although memory is 
used only for reading out by non-trusted Java-AP. Also, 

35 for instance, when the Web browser and so forth are 
activated while Java-AP with the right to use a packet 
transmission path Is activated In a mobile unit in which 
a plurality of applications can share one packet trans- 
mission path, control can be such that Java-AP which 

40 is permitted to "exclusively use a packet transmission 
path" can exclusively use a packet transmission path 
although the Java-AP which is not pemiitted to "exclu- 
sively use a packet transmisslori path" cannot exclude 
the sharing of packet transmission path by a Web 

45 browser and so forth. Also, by further modifying the 
above-mentioned modification, the following control can 
be possible. In other words, Java-AP with a certain type 
of pemiission can exclusively use the packet communi- 
cation path without the user's consent. Also, Java-AP 

50 with another pennission can use the packet communi- 
cation path without the user's consent, but needs to ob- 
tain the user's consent to exclusively use the packet 
communication path. Also, Java-AP with another per- 
mission can use the packet communication path without 

55 the user's consent, but cannot exclusively use the pack- 
et communication path. Also, Java-AP with another per- 
mission can use the packet communication path only 
with the user's permission. Also, Java-AP with another 
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permission cannot even use the packet communication 
path. As it is obvious from these examples, "types of 
use" of the present Invention also contain types of a 
process when a resource is used (a process of obtaining 
the user^s consent/ a process of not obtaining the user's 
consent) 

[01 09] Also, in the above-mentioned transmission 
system, an identical list page is provided for all mobile 
units, but a different list page can be provided for each 
mobile unit. 

[0110] Also, in the above-mentioned transmission 
system, the operation of Java-AP is restricted when the 
Java-AP is executed. Instead, by including policy infor- 
mation in the Jar file stored in the IP server unit, and 
when the Jar file is downloaded in the mobile unit, acti- 
vation of the Java-AP con-esponding to the Jar file, or 
installation of Java-AP software containing the Jar file 
can be forbidden if conriparison between the policy in- 
formation and the policy information in SDF results in a 
mismatch. Only the permission given to the item as a 
result of the match in policy information can be valid. 
[0111] Also, SDF can be transmitted after being 
signed by the secret !<ey which CA gives to the commu- 
nication provider, and the signature on SDF can be in- 
spected in the mobile unit by the public key, which* CA 
gives to the communication provider. The public key of 
the communication provider must necessarily be pre- 
stored in the mobile unit. The public key can be pre- 
stored in the fixed memory after being transmitted by 
means of communication. Also, the mobile unit can be 
sold after writing the key into ROM. 
[0112] Also, in the above-mentioned transmission 
system, software Is delivered to a mobile unit, but the 
technological scope of the present invention includes 
the mode of transmitting software to a temninal unit be- 
sides a mobile unit. 



Claims 

1. A transmission method comprising: 

a process for transmitting an authorization file 
in a communication system in which an origina- 
tor originates a request including information 
showing a storage of a file and the file is trans- 
mitted in response to said request, said process 
for transmitting including transmitting a security 
descriptive file as said authorization file from an 
administering server unit storing said security 
descriptive file through a secure link to a temni- 
nal unit, the security descriptive file containing 
first identification information and authorization 
information, the first identification information 
showing a storage location of an application de- 
scriptive file, the application descriptive file 
having infomiation dependent upon an entity 
file, which includes software for executing an 



application, along with information showing a 
storage location of said entity file, the authori- 
zation infonnation of the security descriptivef lie 
indicating an allowable range of an operation 

5 of the application which is executed in accord- 

ance with said software,said temninal unit exe- 
cuting operation of the application within a 
range shown by said authorization infonnation; 
a dependent information obtaining process for 

10 said tenninal unit to obtain, by using said first 

identification Infonnation contained in said se- 
curity descriptive file transmitted from said 
communication system in said authorization 
transmission process, said application descrip- 

15 tive file from one or a plurality of server units in 

which said application descriptive file is stored; 
and 

a program obtaining process for said terminal 
unit to obtain said entity file from said commu- 
20 nication system by using said application de- 

scriptive file obtained in said dependent infor- 
mation obtaining process. 

2. A transmission method according to Claim 1 , 

25 wherein said application descriptive file is ob- 

tained from said administering server unit by said 
dependent infonnation obtaining process. 

3. A transmission method according to Claim 1 , 

30 wherein said entity file Is obtained from said 

administering server unit by said program obtaining 
process. 

4. A transmission system according to Claim 1 , 

35 wherein said application descriptive file is ob- 

tained from said administering server unit in said 
dependent information obtaining process, and 

wherein said entity file is obtained from said 
administering server unit in said program obtaining 

40 process. 

5. A transmission method according to Claim 1 further 
comprising: 

45 an encryption process for said communication 

system to encrypt said security descriptive file; 
and 

a decoding process for said temninal unit to de- 
code said security descriptive file transnnitted 
50 by said communication system in said process 

for transmitting an authorization file, 

wherein, in said process for transmitting an 
authorization file, said security descriptive file en- 
55 crypted in said encryption process is transmitted to 
said terminal unit, and 

wherein, in said dependent information ob- 
taining process, said tenninal unit obtains said ap- 
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plication descriptive file by using said security de- 
scriptive file decoded in said decoding process. 

6. A transmission process according to Clainn 1 , 

wherein said authorization information shows 
. restriction on use of a resource. 

7. A transmission method according to Claim 6, 

wherein said resource is a hardware resource 
inside said terminal unit. 

8. A transmission method according to Claim 6, 

wherein said resource Is a hardware resource 
outside said temninal unit which said terminal unit 
can use. 

9. A transmission method according to Claim 6, 

wherein said resource is a software resource 
inside said terminal unit. 

10. A transmission method according to Claim 6, 

wherein, said resource is a software resource 
outside said temninal unit which said terminal unit 
can use. 

11. A transmission method according to Claim 6, 

wherein said resource is a network resource 
which said temninal unit can use. 

12. A transmission method according to Claim 1, 

wherein said authorization information shows 
a type of use of a resource. 

13. A transmission method according to Claim 1, 

wherein an application descriptive file con-e- 
sponding to said application is signed by a secret 
key a certifying agent gives to an information pro- 
vider providing said application, 

wherein a security descriptive file correspond- 
ing to said application contains a public key a cer- 
tifying agent gives to said information provider, and 

wherein, in said program obtaining process, 
said terminal unit Inspects authenticity of an appli- 
cation descriptive file obtained in said dependent In- 
formation obtaining process by using said public 
key, and obtains said entity file from said communi- 
cation system by using said application descriptive 
file only when authenticity is verified. 

14. A transmission method according to Claim 1 , 

wherein said application descriptive file and 
said security descriptive file contain an application 
identifier an administrator which administers said 
administering server unit gives, and 

wherein, in said program obtaining process, 
said terminal unit compares an application identifier 
contained in a security descriptive file transmitted 
by said administering server unit in said authoriza- 
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tion transmission process to an application Identifier 
contained in an application descriptive file obtained 
in said dependent infomnation obtaining process, 
and obtains said entity file from said communication 
5 system by using said application descriptive file on- 
ly when both identifiers match. 

15. A transmission method according to Claim 1 , 

wherein said communication system further 
10 comprises an information providing server unit in 
which a file for downloading containing a second 
identification information showing a stored location 
of said security descriptive file; 

an advance transmission process for said 
15 communication system to transmit said file for 
downloading to a temninal unit; and 

a process for requesting transmission of an 
authorization file for said terminal unit to request 
said communication system fortransmisslon of said 
20 security descriptive file by using said file for down- 
loading transmitted by said communication system 
in said advance transmission process, 

wherein, in said authorization transmission 
process, said communication system transmits to 
25 said terminal unit said security descriptive file re- 
quested by said process for requesting transmis- 
sion of an authorization file. 

16. A transmission method according to Claim 1 , 
30 wherein a process after said dependent infor- 
mation obtaining process is carried out only when 
a security descriptive file transmitted in said de- 
pendent Information transmission process is stored 
in said administering server unit. 

35 

17. A transmission method according to any one of 
Claim 1 to Claim 1 6, 

wherein said terminal unit is a mobile unit. 



40 18. A transmission, system comprising: 

a communication system for retuming, when a 
stored location of a file is notified, said file which 
comprises one or, a plurality of server units in 

45 which an entity file containing software for 

achieving an application and an application de- 
scriptive file which has a content dependent up- 
on said entity file showing a stored location of 
said entity file, and an adrhinistering server unit 

50 In which a security descriptive file containing a 

first identification information showing a stored 
location of said application descriptive file and 
authorization Information showing authoriza- 
tion given to an application which is achieved 

55 when a terminal unit executes said software is 

stored; and 

a temninal unit which approves operation of an 
application in accordance with authorization 
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given to said application, 

wherein said administering server unit trans- 
mits said security descriptive file to said terminal 
unit by assuring security, and 5 

wherein said tenninal unit obtains said appli- 
cation descriptive file by using said first identifica- 
tion infonnation contained In said security descrip- 
tive file transmitted by said communication system, 
and said entity file from said communication system io 
by using said application descriptive file. 

19. A transmission system according to Claim 18, 

wherein said administering server unit stores 
said application descriptive file. . 

20. A transmission system according to Claim 18, 

wherein said administering server unit stores 
said entity file. 

20 

21. A transmission system according to Claim 18, 

wherein, said administering server unit stores 
said application descriptive file, and 

wherein said administering server unit stores 

said entity file. 
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